General

  • Target

    70783516c21114fb509a7e4b1c4f6ff58e08c481f7ec1dbb3433bcd98837555e

  • Size

    249KB

  • Sample

    241122-l3rwksymay

  • MD5

    bbc383a0a213df5876a0ef37d5bef380

  • SHA1

    6c195c08fea6488018e9c08f4242efb2e57ca306

  • SHA256

    70783516c21114fb509a7e4b1c4f6ff58e08c481f7ec1dbb3433bcd98837555e

  • SHA512

    4e28333e083b444cc014d0bebccbaedfc833312fb34dafd1062ebd069d53d30107df88772188a7bece845e10a60dc335d5cf57346dfb33d5b35c1dc921c9a7a1

  • SSDEEP

    6144:EePfFiDLfQ0OS6vLSMcLZv92U4UOLaSCcUIOV4VLVpzMaU:v1iDDQbS4ANv92TUWaSCcU/KVjzMp

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Targets

    • Target

      bzwa.exe

    • Size

      933KB

    • MD5

      d71ffaa29328353b394dcd613d6935ab

    • SHA1

      464b4fca112e9fb6a299fd44a4b32bc8a1ee4e9f

    • SHA256

      bf698c75cf8e70b00ef0dc1dca1220144aff0c016dc44fd0410e5774da3b2041

    • SHA512

      f457761b6e331a06ead72bf20bc5377d972b42761b2326a6090ad01eaa11bdc71ed9ac4331ef84a7a11ff8cf78bb1f7ffbc7dc7db6f5cbc4ec28faeedd324475

    • SSDEEP

      12288:EJLKppfDhILiihuu2uZZSnBd4OfnJ9YeckuZIcIHwVejWqV:EcppfDhIxSnBKOfHYZ+HwVejP

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is a backdoor written in C++.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks